<?php
error_reporting(7);

$templatelist = "redirect_vote_success";

require "global.php";

$articleid = intval($_POST[articleid]);
$article = validate_articleid($articleid);

if ($pauserinfo[userid] == 0) {
        show_nopermission();
} 

$checkvote = $DB->fetch_one_array("SELECT * FROM " . $db_prefix . "articlerate
                                            WHERE articleid='$articleid' AND userid='$pauserinfo[userid]'");

if (!empty($checkvote)) {
        show_errormessage("error_article_voted");
} 

$vote = intval($_POST[vote]);

if ($vote < 1 OR $vote > 10) {
        show_errormessage("error_invalid_vote");
} 

$DB->query("UPDATE " . $db_prefix . "article SET
                   totalscore=totalscore+'$vote',
                   voters=voters+1
                   WHERE articleid='$articleid'");
$DB->query("INSERT INTO " . $db_prefix . "articlerate (articleid,userid,vote,date,reason)
                   VALUES ('$articleid','$pauserinfo[userid]','$vote','" . time() . "','" . addslashes(trim($_POST[reason])) . "')");

redirect("$phparticleurl/article.php/$articleid", "redirect_vote_success");

?>